The Internet of Things – a new cyber crime target

As we are entering the era of the Internet of Things (IoT), our homes are becoming increasingly populated by devices that are connected to the Internet in order to share information with each other and the external world more easily. Ranging from smart phones and smart TVs to motor-cars with 4G and Wi-Fi, from automated household appliances to sophisticated business tools, this web – connected smart devices are collectively known as the Internet of Things. According to a Cisco report, it’s predicted that 50 billion objects worldwide will be connected to the internet by 2020.

The benefits that the Internet of Things can bring are numerous, but so are the concerns that it can facilitate cyber attacks. According to a Proofpoint’s report on cyber attacks, cyber criminals are beginning to target home appliances and smart devices. Often these Internet-connected devices have significant implications for device owners. They are easier to hack as they don’t have robust security measures, such as strong passwords, in place so are obviously easier to infiltrate and to infect than PC, laptops or tablets.

Organisations using the Internet of Things can see huge benefits such as greater efficiency, lower costs, improved services, greater accessibility to information, increased employee productivity and higher customer satisfaction. But although there are numerous benefits, organisations face grave risks such as espionage, corporate and personal data breaches, theft of intellectual property, and attacks on infrastructure components because they are more exposed to the internet. It is strongly recommended that manufacturers of smart devices need to start focusing on building more secure tools for organisations and individuals. Organisations should implement robust measures to secure their infrastructures and business information.

According to an ISACA report on how European IT professionals perceive the Internet of Things, 27% stated that the risk outweighed the benefits. 39% of respondents said that increased security threats were seen as the biggest governance issue, followed by data privacy at 26%.

European Internet users are very concerned about cyber security. According to the Eurobarometer report carried out by the European Union in 2013, 28% of Europeans don’t feel safe when simply browsing the Internet and carrying out online transactions. The main fears among European Internet users are that personal information is not kept secure by websites and organisations and that banking information can be stolen and bank accounts hacked while transactions are carried out. 84% use the internet for email access, 50% for commercial transactions and 48% for online banking are Swedish, Dutch and Danish, but they are also the ones who feel more informed about cybercrime and cyber security. In contrast, the Romanians, Hungarians and Portuguese are less likely to use the internet for e-commerce and feel less informed about cybersecurity, and as a result are more concerned.

With a robust Information Security Management System (ISMS) in place, customers and clients will feel more secure when making online transactions, and will build trust towards organisations and experience greater customer satisfaction. IT Governance EU thinks that cyber security training course are necessary for individuals and organisations in countries like Portugal, Hungary and Romania in order to raise awareness of cyber security risks. ISO 27001 ensures organisations are protected from information risks and threats which could otherwise lead to reputational damage, financial repercussions and the loss of assets. The ISO27001 Certified ISMS Foundation Training Course is an introductory training course which raises awareness and builds information security knowledge. To those who need an advanced level of training to deliver information security management to an organisation, we recommend attending the ISO27001 Certified ISMS Lead Implementer Online which is designed to give comprehensive and practical advice for implementing and maintaining the requirements for ISO27001.